4.9  Can my employer demand that my sick certificates set out the nature of my illness?

In general, no. Under the Data Protection Acts, medical data is defined as sensitive data.  An employer has a legitimate interest in knowing how long an employee is likely to be absent from work. S/he also has a legitimate interest in knowing whether an employee, following an accident or illness, is capable of doing particular types of work.  Requiring employees to produce standard individual doctor’s certificates to cover absences due to illness does not therefore present any data protection issues.  But an employer would not normally have a legitimate interest in knowing the precise nature of an illness and would therefore be at risk of breaching the Acts if s/he sought such information    Even the consent of the employee may not allow the disclosure of such information to an employer as there is a doubt as to whether such consent could be considered to be freely given in such circumstances. 

There may be certain, very specific circumstances where a doctor may be legally obliged to report certain conditions to an employer for health and safety reasons but this would not involve making a full file available. Some organisations may also have a requirement that employees, who are perhaps on long term sick leave, are referred after a certain period to a company doctor for examination and the doctor will provide a report to the company advising whether they consider the person fit for work or not (again this would not involve the provision of a detailed medical report to the employer nor access to previous medical files). Neither of these scenarios would involve a breach of the Data Protection Acts.